On Tue, 15 Nov 2022 13:56:38 +0100, Maurizio Lombardi wrote:
> In case a malicious initiator sends some random data immediately after a
> login PDU; the iscsi_target_sk_data_ready() callback will
> schedule the login_work and, at the same time,
> the negotiation may end without clearing the LOGIN_FLAGS_INITIAL_PDU flag
> (because no additional PDU exchanges are required to complete the login).
>
> The login has been completed but the login_work function
> will find the LOGIN_FLAGS_INITIAL_PDU flag set and will
> never stop from rescheduling itself;
> at this point, if the initiator drops the connection, the iscsit_conn
> structure will be freed, login_work will dereference a released
> socket structure and the kernel crashes.
>
> [...]
Applied to 6.2/scsi-queue, thanks!
[1/1] target: fix a race condition between login_work and the login thread
https://git.kernel.org/mkp/scsi/c/fec1b2fa62c1
--
Martin K. Petersen Oracle Linux Engineering
